Scam alert! Fake emails on COVID vaccination

Another phishing scam has spoofed Singapore’s Ministry of Manpower yet again

Scam alert! Fake emails on COVID vaccination

Singapore’s Ministry of Manpower (MOM) is alerting the public to an email scam that collects personal information from recipients, purportedly in connection with a COVID-19 vaccination drive. The fake email is the latest phishing scam to impersonate the ministry.

The MOM posted a warning on its official Facebook page advising the public to refer only to the official MOM website – mom.gov.sg – when transacting with the agency. Officials showed how phishing emails often come from sites with names such as “ministryofmanpower” or “mom-sg”. These addresses are socially engineered to fool people into thinking the source is official or the transaction is secure.

Read more: How to steer clear of social engineering scams

“Members of the public who have been affected by the phishing website are advised to lodge a police report,” MOM said. “We will continue to monitor for such fake websites and work to bring them down. We also remain committed to keeping the official MOM website secure and your data safe.” They also provided tips for spotting fraudulent emails claiming to be from the agency.

Read more: Beware! Phishing scam uses voice calls to 'trick' workers

The scam uses the classic strategy of targeting specific people or businesses and presenting bogus information, before prompting people to click on a link and input personal data into a fake form. The email, addressing employers with the heading “COVID-19 Vaccination for all Workers,” states:

 

“As the vaccination exercise will be progressively rolled out for all working class over the next few weeks, we seek your assistance to take your time to fill your contact details in the attached contact form.”

 

In June 2020, some people also received a similar message spoofing the MOM. The identity thieves cited the pandemic as an excuse – “using the COVID-19 support fund as a lure to get recipients to click on the embedded phishing link,” the ministry said at the time.